QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2624

Published: Jan 29, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://support.apple.com/kb/HT4435

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=514711

x_refsource_CONFIRM

[bug-gzip] 20091002 gzip-1.3.13 released [major]

mailing-list

x_refsource_MLIST

APPLE-SA-2010-11-10-1

vendor-advisory

x_refsource_APPLE

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_MANDRIVA

http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2010:008

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.